- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 24 March 2005.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-23 is/are pending in the application.

4a) Of the above claim(s) ____ is/are withdrawn from consideration.

5) [ ] Claim(s) ____ is/are allowed.

6) [X] Claim(s) 1-23 is/are rejected.

7) [ ] Claim(s) ____ is/are objected to.

8) [ ] Claim(s) ____ are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on ____ is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. ____.

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.
Detailed Action

1. This action is responsive to communication: amendment filed on 24 March 2005,
the original application was filed on 1 December 2000, with acknowledgement of a 
foreign priority date of 3 December 1999. 

2. Due to amendment claims 1-23 are currently pending in this application. Claims 
1 and 6 are independent claims. Claims 1 and 6 have been amended. Claim 23 is 
new. 

Claim Rejections - 35 USC §112 

3. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

4. Claims 1-23 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. Claims 1 and 6 have been amended to
include the text "said second address independent of said first address"; the applicant
cites the specification page 9, lines 20-21 as supporting this amendment to the claims.
The Office disagrees; the applicant is clearly amending claims in an attempt to traverse
the reference. There is no support in the specification for the proposed amendment to the
claims. The word "independent" is never stated in the specification.
Response to Arguments

5. Applicant's arguments filed 24 March 2005 have been fully considered but they 
are not persuasive. 

Applicant has amended the claims in an attempt to traverse cited reference
Boden et al. U.S. Patent No. 6,615,357 (hereinafter '357). In addition to the 112
rejection stated above, the Office does not agree that '357 does not teach:

a) "assigning a first IP address to a terminal outside said LAN" this is taught in '357 
col. 4, lines 51-59 "the user defines a set (in pools 50, 52, and 54) of IP addresses that 
are available for the exclusive use of the VPN NAT function. Each pool is preferably
definable as a range of IP address, and is naturally associated with remote ID and local
ID IP Sec Policy database entities. That is, for each remote ID DB entry and also for
each local ID DB entry, the user may optionally specify two IP addresses". The pools
are defined beforehand but the specific IP address used is assigned to an outside 
terminal when it contacts the VPN from outside of the internal network see '357 col. 5, 
lines 49-65 "When starting an initiator mode connection, the connection manager 
checks if the local client ID is to be translated. If so, the connection manager looks for 
an available IP address from NAT pool, say 52, associated with a remote ID in the 
database. Availability is determined by the connection manager as follows ..."

b) "said second address independent of said first address" is shown in '357 col. 4 
lines 60-67 "the different meaning of each flavor of VPN NAT motivating the different 
pools are set forth. Although specified on a per remote ID or local ID basis, the pools 
may be managed as three distinct groups of IP addresses". 
As well as further disclosed in '357 col. 7, lines 35 through col. 8, line 16 "Management
of IP address availability from the remote ID pool is done by the connection manager
based on its set of active connections ... for remotely initiated conversations, at start
since NAT requested, implicit MAP rule 188 is created copying IDcr 182 to rhs 184. In
step <-1>, the ip address is obtained from appropriate address pool 180 and copied to
lhs 186". Note managing the available IP address based on active connections has the
same meaning as assigning a second address independently of first address.

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language 

7. Claims 1-18 and 23 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Boden et al. U.S. Patent No. 6,615,357 (hereinafter '357). 

As to independent claim 1, "A Virtual Private Network (VPN) 
communication method employed for a security gateway apparatus connecting 
between a local area network (LAN) and a wide area network (WAN) including a 
public network, the communication method comprising the steps of:" is taught in
'357 col. 2, lines 51-64;

"a) assigning a first IP address to a terminal outside said LAN" is shown in 
'357 col. 3, line 40 through col. 4, line 26 and col. 5, lines 49-65; 

"b) adding a Dynamic Host Configuration Protocol (DHCP) communication 
option to an Internet Key Exchange (IKE) data, when establishing an IKE 
communication with a terminal outside the LAN having a connection with the 
WAN" is shown in '357 col. 4, lines 16-27; 

"c) assigning a second IP address from an inside terminal within the LAN 
to the terminal outside the LAN during the IKE communication, said second
address independent of said first address" and "wherein the gateway apparatus 
designates an IP address for the outside terminal from a tunneled IP packet" is 
disclosed in '357 col. 4, line 51 through col. 5, line 65; 

"d) establishing a Security Architecture for the Internet Protocol (IPsec) 
communication that follows the IKE communication, which includes said first IP 
address and said second IP address, wherein the gateway apparatus designates 
the first IP address for the outside terminal from a tunneled IP packet" is taught in 
'357 col. 3, lines 40-65. 

As to dependent claim 2, "wherein an IP address and a subnet mask address,
which have same segments as those of the LAN, are distributed to the outside 
terminal, thereby the outside terminal can be virtually regarded as a terminal on 
the LAN" is shown in '357 col. 3, lines 45-56. 
As to dependent claim 3, "wherein the outside terminal is provided, during
the IKE communication, with a private IP address that is used on the LAN, in a
case that the LAN is configured with private IP addresses, whereby the outside
terminal is allowed to access to a terminal on the LAN" is disclosed in '357 col. 4,
lines 51-59.

As to dependent claim 4, "wherein an encryption key and an authentication 
key are exchanged with a public key cryptosystem during the IKE 
communication" is taught in '357 col. 5, line 66 through col. 6, line 9 ("encryption key 
and an authentication key" same as "SA pair"). 

As to dependent claim 5, "wherein the DHCP communication option 
contains an IP address and a subnet mask" is shown in '357 col. 4, lines 16-26 
("option" same as "check box") ("subnet mask" same as "responder IDci and IDcr NAT 
flags"). 

As to dependent claims 11 and 12, these claims are substantially similar to 
above claim 4 and are rejected along the same rationale. 

As to dependent claims 13 and 14, these claims are substantially similar to 
above claim 5 and are rejected along the same rationale. 

As to independent claim 6, this claim is directed to the security gateway 
apparatus of the method of claim 1 and is rejected along the same rationale. 

As to dependent claims 7-10 and 15-18, these claims contain substantially 
similar subject matter as claims 2-5 and 11-14 and are rejected along the same 
rationale. 
As to dependent claim 23, "wherein said first IP address is assigned to said
terminal from outside LAN" is taught in '357 col. 2, lines 51-64. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to be
patented and the prior art are such that the subject matter as a whole would have been obvious at the 
time the invention was made to a person having ordinary skill in the art to which said subject matter 
pertains. Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 19-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
'357 in further view of Giniger et al. U.S. Patent No. 6,751,729 (hereinafter '729).

As to dependent claim 19, the following is not taught in '357: "wherein said terminal
outside the LAN has a dialup connection with the WAN"; however, '729 teaches "In various alternative
embodiments, different types of communication links 216 are used. For instance, 
communication link 216 can be part of a broadband cable system such as a cable 
television system, ... Alternatively, communication link 216 is a dial-up analog or ISDN 
telephone connection, and communication interfaces 214 and 222 are modems" in col. 
10, lines 9-20. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the teachings of '357 a method for dynamically generating NAT rules 
and associating them with the manual or dynamically generated (IKE) Security 
Associations to include a means to utilize dialup connections. One of ordinary skill in
the art would have been motivated to perform such a modification to
increase flexibility when establishing remote connections. As indicated by '729 (see col.
1, lines 33 et seq.) "An important impetus for the adoption of VPN technology by
business is the significant cost saving associated with the replacement of expensive
remote access servers and associated long distance dial-up charges".

As to dependent claim 20, "wherein said second IP address is 
automatically distributed from the terminal within the LAN to the terminal outside 
the LAN during the IKE communication" is taught in '357 col. 5, lines 49-65 "In step 
24, initiator mode connections are started. When starting an initiator mode connection, 
the connection manager checks if the local client ID is to be translated. If so, the 
connection manager looks for an available IP address for NAT pool". 

As to dependent claims 21 and 22, these claims contain substantially similar 
subject matter as claims 19 and 20; therefore they are rejected along the same 
rationale. 
Conclusion

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ellen C Tran whose telephone number is 
(571) 272-3842. The examiner can normally be reached from 6:30 am to 3:30 pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Gregory A Morse can be reached on (571) 272-3838. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be 
obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Ellen Tran 
Patent Examiner 
Technology Center 2134 
2 June 2005 





